| Vendor | FINOS |
| Product | CCC-Complete |
| Version | 0.1 |
CCC-Complete 0.1
Test results for this specific product, vendor, and version combination
Download Raw Results
Download the original OCSF, Gemara, or HTML result files used to generate this page
Test Summary
Aggregate summary of all tests for this configuration result
| Resources In Configuration | 2 |
| Count of Tests | 8 |
| Passing Tests | 4 |
| Failing Tests | 4 |
| Catalogs Tested | CCC.VPC |
Control Catalog Summary
Summary of test results grouped by control catalog and resource
| Control Catalog | Resources | Total Tests | Passing | Failing | Tested Requirements | Missing Requirements | Unused Core Requirements |
|---|---|---|---|---|---|---|---|
| CCC.VPC | vpc-0d5625cb163976d8...vpc-0f3af4b6986f1e0a... | 8 | 4 | 4 | None |
Test Mapping Summary
Summary of test mappings showing how event codes map to test requirements
| Control Catalog | Test Requirement | Mapped Tests (Event Code | Total | Passing | Failing) |
|---|---|---|
| CCC.VPC | CCC.VPC.CN03.AR01 When a VPC peering connection is requested, the service MUST prevent connections from VPCs that are not explicitly allowed. | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC422 Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed422 |
Resource Summary
Summary of all resources mentioned in OCSF results
| Resource Name | Resource Type | Control Catalogs | Total Tests | Passing | Failing |
|---|---|---|---|---|---|
vpc-0d5625cb163976d86 | vpc | CCC.VPC | 4 | 4 | 0 |
vpc-0f3af4b6986f1e0ab | vpc | CCC.VPC | 4 | 0 | 4 |
Test Results
OCSF test results filtered for entries with CCC compliance mappings
| Status | Finding | Resource Name | Resource Type | Message | Test Requirements |
|---|---|---|---|---|---|
| FAIL | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ I call "{vpcService}" with "ValidateDisallowListEnforcement" using argument "{ReceiverVpcId}"
✓ I attach "{result.Summary}" to the test output as "Disallow-list Enforcement Summary"
✓ I attach "{result.Results}" to the test output as "Disallow-list Enforcement"
✓ "{result.ListDefined}" is true
✓ "{result.TestedCount}" should be greater than "0"
✗ "{result.AllCorrect}" is true - Error: expected {result.AllCorrect} to be truthy, got false (type: bool)
⊘ "{result.ViolationCount}" is "0" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC | |
| FAIL | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ "{NonAllowlistedRequesterVpcId}" is not nil
✓ I call "{vpcService}" with "EvaluatePeerAgainstAllowList" using argument "{NonAllowlistedRequesterVpcId}"
✓ "{result.AllowedListDefined}" is true
✓ "{result.Allowed}" is false
✓ I call "{vpcService}" with "AttemptVpcPeeringDryRun" using arguments "{NonAllowlistedRequesterVpcId}" and "{ReceiverVpcId}"
✗ "{result.DryRunAllowed}" is false - Error: expected {result.DryRunAllowed} to be falsy, got true (type: bool)
⊘ "{result.AllowListDefined}" is true (skipped)
⊘ "{result.RequesterInAllowList}" is false (skipped)
⊘ "{result.GuardrailExpectation}" is "deny" (skipped)
⊘ "{result.GuardrailMismatch}" is false (skipped)
⊘ "{result.ExitCode}" should be greater than "0" (skipped)
⊘ "{result.Reason}" contains "guardrail aligned" (skipped)
⊘ "{result.ConflictType}" is "" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed | |
| PASS | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ I call "{vpcService}" with "ValidateDisallowListEnforcement" using argument "{ReceiverVpcId}"
✓ I attach "{result.Summary}" to the test output as "Disallow-list Enforcement Summary"
✓ I attach "{result.Results}" to the test output as "Disallow-list Enforcement"
✓ "{result.ListDefined}" is true
✓ "{result.TestedCount}" should be greater than "0"
✓ "{result.AllCorrect}" is true
✓ "{result.ViolationCount}" is "0" | vpc-0d5625cb163976d86 | vpc | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC | |
| PASS | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ "{NonAllowlistedRequesterVpcId}" is not nil
✓ I call "{vpcService}" with "EvaluatePeerAgainstAllowList" using argument "{NonAllowlistedRequesterVpcId}"
✓ "{result.AllowedListDefined}" is true
✓ "{result.Allowed}" is false
✓ I call "{vpcService}" with "AttemptVpcPeeringDryRun" using arguments "{NonAllowlistedRequesterVpcId}" and "{ReceiverVpcId}"
✓ "{result.DryRunAllowed}" is false
✓ "{result.AllowListDefined}" is true
✓ "{result.RequesterInAllowList}" is false
✓ "{result.GuardrailExpectation}" is "deny"
✓ "{result.GuardrailMismatch}" is false
✓ "{result.ExitCode}" should be greater than "0"
✓ "{result.Reason}" contains "guardrail aligned"
✓ "{result.ConflictType}" is "" | vpc-0d5625cb163976d86 | vpc | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed | |
| FAIL | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ I call "{vpcService}" with "ValidateDisallowListEnforcement" using argument "{ReceiverVpcId}"
✓ I attach "{result.Summary}" to the test output as "Disallow-list Enforcement Summary"
✓ I attach "{result.Results}" to the test output as "Disallow-list Enforcement"
✓ "{result.ListDefined}" is true
✓ "{result.TestedCount}" should be greater than "0"
✗ "{result.AllCorrect}" is true - Error: expected {result.AllCorrect} to be truthy, got false (type: bool)
⊘ "{result.ViolationCount}" is "0" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC | |
| FAIL | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ "{NonAllowlistedRequesterVpcId}" is not nil
✓ I call "{vpcService}" with "EvaluatePeerAgainstAllowList" using argument "{NonAllowlistedRequesterVpcId}"
✓ "{result.AllowedListDefined}" is true
✓ "{result.Allowed}" is false
✓ I call "{vpcService}" with "AttemptVpcPeeringDryRun" using arguments "{NonAllowlistedRequesterVpcId}" and "{ReceiverVpcId}"
✗ "{result.DryRunAllowed}" is false - Error: expected {result.DryRunAllowed} to be falsy, got true (type: bool)
⊘ "{result.AllowListDefined}" is true (skipped)
⊘ "{result.RequesterInAllowList}" is false (skipped)
⊘ "{result.GuardrailExpectation}" is "deny" (skipped)
⊘ "{result.GuardrailMismatch}" is false (skipped)
⊘ "{result.ExitCode}" should be greater than "0" (skipped)
⊘ "{result.Reason}" contains "guardrail aligned" (skipped)
⊘ "{result.ConflictType}" is "" (skipped) | vpc-0f3af4b6986f1e0ab | vpc | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed | |
| PASS | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ I call "{vpcService}" with "ValidateDisallowListEnforcement" using argument "{ReceiverVpcId}"
✓ I attach "{result.Summary}" to the test output as "Disallow-list Enforcement Summary"
✓ I attach "{result.Results}" to the test output as "Disallow-list Enforcement"
✓ "{result.ListDefined}" is true
✓ "{result.TestedCount}" should be greater than "0"
✓ "{result.AllCorrect}" is true
✓ "{result.ViolationCount}" is "0" | vpc-0d5625cb163976d86 | vpc | Enforcement proof (dry-run): all disallowed requesters are denied against in-scope receiver VPC | |
| PASS | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed ✓ a cloud api for "{Instance}" in "api"
✓ I call "{api}" with "GetServiceAPI" using argument "vpc"
✓ I refer to "{result}" as "vpcService"
✓ I refer to "{UID}" as "ReceiverVpcId"
✓ I refer to "{Cn03NonAllowlistedRequesterVpcId}" as "NonAllowlistedRequesterVpcId"
✓ I load environment variable "CN03_PEER_TRIAL_MATRIX_FILE" as "PeerTrialMatrixFile"
✓ "{ReceiverVpcId}" is not nil
✓ "{NonAllowlistedRequesterVpcId}" is not nil
✓ I call "{vpcService}" with "EvaluatePeerAgainstAllowList" using argument "{NonAllowlistedRequesterVpcId}"
✓ "{result.AllowedListDefined}" is true
✓ "{result.Allowed}" is false
✓ I call "{vpcService}" with "AttemptVpcPeeringDryRun" using arguments "{NonAllowlistedRequesterVpcId}" and "{ReceiverVpcId}"
✓ "{result.DryRunAllowed}" is false
✓ "{result.AllowListDefined}" is true
✓ "{result.RequesterInAllowList}" is false
✓ "{result.GuardrailExpectation}" is "deny"
✓ "{result.GuardrailMismatch}" is false
✓ "{result.ExitCode}" should be greater than "0"
✓ "{result.Reason}" contains "guardrail aligned"
✓ "{result.ConflictType}" is "" | vpc-0d5625cb163976d86 | vpc | Enforcement proof (dry-run): non-allowlisted requester is denied even when not explicitly listed as disallowed |